This homework will demonstrate your knowledge of creating a testing framework and using that framework to conduct some basic server and web application security controls.
Using the readings from weeks 3 and 4 as a baseline, develop a testing framework with these phases as guidelines for your organization or an organization you would like to work for in the future.
You will need to fill in the details for each phase. Using your newly designed test framework, apply the following security controls to the existing SDEV virtual machine.
1. Fingerprint Web Server (OTG-INFO-002)
2. Review webpage comments and metadata for information leakage (OTG-INFO-005). Manually review the sample HTML applications in the Apache Web Server directories
3. Test HTTP Methods (OTG-CONFIG-006) See which HTTP methods are available on the virtual machine.
You should document the results for the tests and your testing framework in a word document. Provide screen captures and descriptions of your tests conducted. Discuss any issues found and possible mitigations.
Note: The SDEV Virtual Machine you downloaded and used for SDEV 300. The URL is here if you need to download it again:
https://citeapps.umuc.edu/SDEV/
he VM runs on the latest version of Oracle Virtual Box.